We have several 100 servers and we have few accounts used as a service account on these servers. It is a requirement by the application for these service accounts to be member of Domain Admins Group.
I would like to prevent some of the service accounts RDP access on all our servers. What is the quickest way of accomplishing this? Can I do something on the user level like Deny RDP Access etc.??